PyPI package
mayan-edms
pkg:pypi/mayan-edms
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14692 | Med | 4.3 | >= 4.10.0, < 4.10.2 | 4.10.2 | Dec 15, 2025 | A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version | |
| CVE-2025-14691 | Med | 4.3 | >= 4.10.0, < 4.10.2 | 4.10.2 | Dec 14, 2025 | A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to ve | |
| CVE-2022-47419 | — | < 4.3.6 | 4.3.6 | Feb 7, 2023 | An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. | ||
| CVE-2018-16407 | — | < 3.0.3 | 3.0.3 | Sep 3, 2018 | An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. | ||
| CVE-2018-16406 | — | < 3.0.2 | 3.0.2 | Sep 3, 2018 | An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. | ||
| CVE-2018-16405 | — | < 3.0.2 | 3.0.2 | Sep 3, 2018 | An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. | ||
| CVE-2014-3840 | — | >= 0 | — | May 27, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bo |
- affected >= 4.10.0, < 4.10.2fixed 4.10.2
A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version
- affected >= 4.10.0, < 4.10.2fixed 4.10.2
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to ve
- CVE-2022-47419Feb 7, 2023affected < 4.3.6fixed 4.3.6
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
- CVE-2018-16407Sep 3, 2018affected < 3.0.3fixed 3.0.3
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled.
- CVE-2018-16406Sep 3, 2018affected < 3.0.2fixed 3.0.2
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label.
- CVE-2018-16405Sep 3, 2018affected < 3.0.2fixed 3.0.2
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.
- CVE-2014-3840May 27, 2014affected >= 0
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bo